martinha | 25.10.2016 14:49 | Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 25.10.2016
Suchlaufzeit: 12:48
Protokolldatei: Trojanerboard.txt
Administrator: Ja
Version: 2.2.1.1043
Malware-Datenbank: v2016.10.22.04
Rootkit-Datenbank: v2016.09.26.02
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: martinha
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 624702
Abgelaufene Zeit: 1 Std., 9 Min., 6 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(keine bösartigen Elemente erkannt)
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 1
PUP.Optional.Linkury, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, , [8fad8e0e7228d165b54b658f53b036ca],
Registrierungswerte: 5
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, , [c17b2d6fc8d2da5cc3939e2e03ff9d63]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, , [3efeb7e5306a84b2950e4aac9271f10f]
PUP.Optional.Linkury, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, , [8fad8e0e7228d165b54b658f53b036ca]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, , [66d6a0fc37632d09346eb046cd368e72]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, , [bd7f3864c4d624121c876a8c6f94f010]
Registrierungsdaten: 14
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\focel\Anfresh.dll, Gut: (), Schlecht: (C:\ProgramData\focel\Anfresh.dll),,[9ba1584491099b9bb7f531a88b79ab55]
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\focel\Plusplus.dll, Gut: (), Schlecht: (C:\ProgramData\focel\Plusplus.dll),,[80bcd0ccaeec54e2a8f1598074904db3]
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),,[cb71910ba6f463d367d382f793710cf4]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TCK9rQZBkEczAjGHiTeW9yJ93B-xO1jhPsXzH0iqkSRKh55STQ5mix3K1yCcrhejRxYUcEhZoVo-fqUm2ktVT70l8nc5ts,, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TCK9rQZBkEczAjGHiTeW9yJ93B-xO1jhPsXzH0iqkSRKh55STQ5mix3K1yCcrhejRxYUcEhZoVo-fqUm2ktVT70l8nc5ts,),,[70ccecb09ffb0f2784be3742da2ae818]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[47f58a120793b08648fac0b947bd728e]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[a9938e0e5545c472f05292e7cb39d030]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[7cc0306c6a30cd690a38ec8dd2322ad6]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[70cc504c306a63d362e1aecb34d02ed2]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[60dcc8d4306a48eea1a13a3f2cd8a957]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TCK9rQZBkEczAjGHiTeW9yJ93B-xO1jhPsXzH0iqkSRKh55STQ5mix3K1yCcrhejRxYUcEhZoVo-fqUm2ktVT70l8nc5ts,, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TCK9rQZBkEczAjGHiTeW9yJ93B-xO1jhPsXzH0iqkSRKh55STQ5mix3K1yCcrhejRxYUcEhZoVo-fqUm2ktVT70l8nc5ts,),,[dc608d0fa2f8eb4b98aae594bf454ab6]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[7ac275275f3bd561231ff68346be867a]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[14283e5e49511f17083a97e2778d9b65]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[b38916863d5d5adc6bd896e3e321a15f]
PUP.Optional.Linkury, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),,[360637657f1b2e0856e3dd9c63a1e917]
Ordner: 2
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar, , [28143b618d0d24121de2e40f4fb403fd],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\focels, , [a19b0e8e9406ee48aa29227a06fe8080],
Dateien: 10
PUP.Optional.Linkury.ACMB1, C:\ProgramData\focel\Anfresh.dll, , [9ba1584491099b9bb7f531a88b79ab55],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\focel\Plusplus.dll, , [80bcd0ccaeec54e2a8f1598074904db3],
Trojan.Downloader, C:\ProgramData\focel\Zonquadtax.exe, , [a19ba8f4c2d8da5cc0eb5c7d798bb050],
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Ranlam.ico, , [28143b618d0d24121de2e40f4fb403fd],
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Saofresh.ico, , [28143b618d0d24121de2e40f4fb403fd],
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Whitetex.ico, , [28143b618d0d24121de2e40f4fb403fd],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\focels\ff.HP, , [a19b0e8e9406ee48aa29227a06fe8080],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\focels\ff.NT, , [a19b0e8e9406ee48aa29227a06fe8080],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\focels\snp.sc, , [a19b0e8e9406ee48aa29227a06fe8080],
PUP.Optional.Linkury.ACMB1, C:\Users\martinha\AppData\Roaming\Mozilla\Firefox\Profiles\afd7ehde.default-1421493400080\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "C:\\ProgramData\\focels\\ff.NT");), ,[a19b44589505ef4763237e1fa65e926e]
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
(end)

Quote:
Quote from martinha (Post 1618174)
During a scan, Malwarebytes found, among other things, a downloader trojan at C:\ProgrammData\focel\Zonquadttax.exe. In addition, I have the problem that my Firefox start page keeps being changed. Please help a 68-year-old with half-knowledge of computers. THANK YOU !!!